Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Files not crypt. Only extension renamed!


  • Please log in to reply
7 replies to this topic

#1 ataly

ataly

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:02:48 PM

Posted 18 May 2017 - 07:20 AM

Hello Everyone,

Only the extensions of the files have changed. (.sasavevo16@gmail.com)
Is there a way i can recovery file extensions?
 
 
There are 2 files on the linkte below. 1. file xls 2. file .xlsx. 
 

 

https://dropfile.to/4aQbZ6k



BC AdBot (Login to Remove)

 


#2 Joykill

Joykill

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Denmark
  • Local time:01:48 PM

Posted 18 May 2017 - 08:30 AM

You want to enable showing file extentions in Windows. How to configure Windows to show file extentions depends on which version you're running. This Microsoft support page should tell how to do it for your particular system.

 

Then it is simply a matter of adding the file extention (.xls or .xlsx) at the end of the file name, after the .com. I've tested your first sample and it appears to work just fine.


Edited by Joykill, 18 May 2017 - 08:30 AM.


#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,591 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:48 AM

Posted 18 May 2017 - 10:44 AM


Did you find any ransom notes and if so, what is it's actual name?

You can submit any samples to ID Ransomware?
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 ataly

ataly
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:02:48 PM

Posted 18 May 2017 - 10:52 AM

You want to enable showing file extentions in Windows. How to configure Windows to show file extentions depends on which version you're running. This Microsoft support page should tell how to do it for your particular system.

 

Then it is simply a matter of adding the file extention (.xls or .xlsx) at the end of the file name, after the .com. I've tested your first sample and it appears to work just fine.

Dear Joykill,

Thank you for reply.
I solve the problem by changing the file extensions. But there are thousands of files and hundreds of extensions. I am looking for a software that will do this automatically.


#5 ataly

ataly
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:02:48 PM

Posted 18 May 2017 - 10:54 AM

Did you find any ransom notes and if so, what is it's actual name?

You can submit any samples to ID Ransomware?

 

Ransom Note: Hello.txt

 

Payment is required
We accept payment in Bitcoin (BTC) only.
If you have bitcoins:
1. To pay the amount of 1 bitcoin
2. The transaction will take about 15-30 minutes for approval.
 
If you have no bitcoins:
1. Open one of the exchangers:
 
and select your country and currency.
 
How to Fund bitcoin wallet 
 
Here is a site to check Bitcoin Wallet https://blockchain.info/tr/wallet/#/signup
 
mail- sasavevo16@gmail.com


#6 Joykill

Joykill

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Denmark
  • Local time:01:48 PM

Posted 18 May 2017 - 11:28 AM

 

You want to enable showing file extentions in Windows. How to configure Windows to show file extentions depends on which version you're running. This Microsoft support page should tell how to do it for your particular system.

 

Then it is simply a matter of adding the file extention (.xls or .xlsx) at the end of the file name, after the .com. I've tested your first sample and it appears to work just fine.

Dear Joykill,

Thank you for reply.
I solve the problem by changing the file extensions. But there are thousands of files and hundreds of extensions. I am looking for a software that will do this automatically.

 

Unfortunately I don't think there is an easy way to do this. Software such as TrIDNet  tries to guess which file extension a certain file should use, but as far as I know doesn't allow automatically assigning it to the detected file extension. 



#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,591 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:48 AM

Posted 18 May 2017 - 02:26 PM

Submit Hello.txt and a sample file to ID Ransomware. If ID Ransomware cannot identify the infection, you can post the case SHA1 it gives you in your next reply for Demonslay335 to manually inspect the files.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 merinodanilo

merinodanilo

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:48 AM

Posted 18 May 2017 - 03:49 PM

Hi,

I found this for WannaCry, havent use it, but is the same logic. The tool detects the type of file and rename it.

 

 

Let me know how it goes.

 

 

DM






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users